Stop Errors
A Stop Error is a critical error in a Microsoft Windows operating system, where a severe hardware or software error stops the operating system from continuing to run. When a stop error occurs, the operating system immediately ceases to run. A black, blue or red error screen is immediately displayed with technical details to correct the error, a memory dump is made, and the PC may automatically reboot. Stop errors are generally caused by incompatible or broken device drivers, faulty memory, a corrupt registry or incompatible DLLs. __FORCEtoc__ Appearance & Name Most stop errors, which are blue screens with white text, are known by their affectionate nickname bluescreens or Blue Screen of Death (BSOD). The original stop errors were black, and red stop errors were visible in early builds of Windows Vista after a bootloader error. Stop errors are also referred to as "bug checks" in the Windows Software development kit and Driver development kit documentation. The color blue was chosen because there was a version of Windows NT for the DEC Alpha platform and there the console colors could not be changed in an easy way. For consistency reasons blue became the color for Stop errors on all platforms (alpha/i386/mips/ppc). By default, the display is white lettering on a blue (0x01, #0000AA) background, with information about current memory values and register values. For visually impaired users, Microsoft has added a utility that allows the user to change a setting in SYSTEM.INI that controls the colors that the BSOD code uses to any of the 16 EGA colors. Windows 95, 98 and Me use 80x25 text mode. The Windows NT BSOD uses 80x50 text mode. The screen resolution is 720x400. The XP BSOD uses the Lucida Console font while the Vista BSOD uses the Consolas font. Occurences & Actions In Windows NT, Windows 2000, Windows XP, Windows Server 2003 and Windows Vista, a stop error occurs when the kernel or a driver running in kernel mode encounters an error from which it cannot recover. This is usually caused by an illegal operation being performed. The only safe action the operating system can take in this situation is to restart the computer. As a result, data may be lost, as users are not given an opportunity to save data that has not yet been saved to the hard drive. A BSOD can also be caused by a critical boot loader error, where the operating system is unable to access the boot partition due to incorrect storage drivers or similar problems. The error code in this situation is STOP 0x0000007B (INACCESSIBLE_BOOT_DEVICE). In such cases, there is no memory dump saved. Since the system is unable to boot from the hard drive in this situation, correction of the problem often requires booting from the Microsoft Windows CD. After booting to the CD, it may be possible to correct the problem by performing a repair install or by using the Recovery Console (with CHKDSK). Embedded systems running Microsoft Windows NT Embedded and Windows XP Embedded have also been known to Bluescreen. These can include are Internet payphones, ATMs and information displays. On an unpatched Windows 95 or Windows NT 4.0 systems, it is possible for a BSOD to occur as a result of various internet attacks, like WinNuke. Debugging Each BSOD usually displays a message such as FILE_SYSTEM as well as a number like 0x00000022. The usual parameters displayed for the BSOD are the following: number of error (parameter, parameter, parameter, parameter) name of error By default, Windows will create a memory dump file when a blue screen error occurs. Depending on the OS version, there may be several formats this can be saved in, ranging from a 64 KB "mini dump" to a "complete dump" which is effectively a copy of the entire contents of physical RAM. The resulting memory dump file may be debugged later, using a kernel debugger. A debugger is necessary to obtain a stack trace, and may be required to ascertain the true cause of the problem; as the information onscreen is limited and thus possibly misleading, it may hide the true source of the error. Microsoft Windows can also be configured to send live debugging information to a kernel debugger running on a separate computer. (Windows XP also allows for kernel debugging from the machine that is running the OS.) If a blue screen error is encountered while a live kernel debugger is attached to the system, Windows will halt execution and cause the debugger to "break in", rather than displaying the BSOD. The debugger can then be used to examine the contents of memory and determine the source of the problem. The Windows debugger is available as a free download from Microsoft. Windows includes a feature that can be used to cause a blue screen manually. To enable it, the user must add a value to the Windows registry. After that, a BSOD will appear when the user presses the SCROLL LOCK key twice while holding the right CTRL key.3 This feature is primarily useful for obtaining a memory dump of the computer while it is in a given state. As such, it is generally used to aid in troubleshooting system hangs. In Windows XP, a stop error is configured by default to reboot immediately after performing the 64kb minidump. For this reason, the blue stop error screen is only flashed up briefly before the automatic reboot, and this can easily be missed by a user.